About Arcinsys - Data protection - Imprint
The archival information system Arcinsys is a web-based application. It can be used from any computer connected to the Internet with an up-to-date browser without the local installation special software.
Both external users and archives employees access the same system. Different information is displayed according to the function of the person using the system. The earlier division between acquisition software and web presentation is no longer required. This web-based application facilitates the joint use of the archival information system by an associated group of several archives.
Arcinsys was developed as Version 2 of the previous Hessian Archive Documentation and Information System HADIS. The Arcinsys modules Navigator (navigating research, description) and Search (full-text search, identifier search) are based on HADIS components. In addition, Arcinsys has the following modules: Order (memo list, order function), Request (requests for access, approval administration), Access (issuing, accessing, reading room administration), Transfer (advice for authorities, appraisal, access administration), Management (index planning, inventory maintenance), Storage (stacks management), Administration.
Arcinsys uses the representation model for analogue and digital archival material. Each archival item description thus describes an information object as a logical unit rather than as a physical unit. An archival item can have several physical representations associated with it, – e.g. the original on paper, its microfiche image and the digital copy for access. For objects that are originally digital, several representations can reproduce different migration levels. The user orders an archival item for access; the archives provides a representation for access.
Arcinsys uses exclusively freely reusable software components. Other archives can therefore reuse the software without third-party licence restrictions.
Arcinsys uses a differentiated authorisation model in order to protect personal data as well as possible. The personal data saved in the system are description data contained in the archival material on the one hand. On the other hand, personal data of the system users and thus also of the archival employees, are processed.
Storing and publishing personal data from the description of archival material is subject to the General Data Protection Regulation of the EU and to the applicable archival law (federal, state, and archival acts and regulations: Landesarchivgesetz, Bundesarchivgesetz, Archivsatzung, etc.). As a rule, archival material can be viewed and analysed after a period of protection that is laid down in the respective regulation. If a period of protection is still valid, Arcinsys will notify you of it. In this case, the archival item can normally not be ordered and accessed. The description data (metadata) for such an archival item can nevertheless be visible in Arcinsys even before the period of protection has expired if such publication does not disclose information that is to be protected. Description data containing personal data that is protected, however, can only be accessed in Arcinsys by the employees responsible at the repository archives.
The protection of the personal data of the users of Arcinsys is subject to the applicable data protection law (in particular the General Data Protection Regulation of the EU and the applicable state data protection act "Landesdatenschutzgesetz"), the provisions of which are implemented as follows:
Arcinsys can be used without prior log in. It is possible to conduct research in the published described data. No personal data will be stored if you use Arcinsys in such a manner.
The operator of this application collects protocol data on each access (so-called server logfiles). These protocol files ensure the technical functions and security of the application. The provider reserves the right to subsequently check the protocol files if there is reasonable suspicion based on concrete evidence of an unlawful use. The protocol files are deleted regularly after brief intervals.
Users who register and create a user account in Arcinsys store their personal data themselves. The mandatory details are a self-selected, unique username, last and first name, an e-mail address, and the date of birth. These data are stored in the application to offer the user customised access to certain additional features of the programme. Logged-in users can keep an individual memo list and submit requests for access or access forms at certain archives. When they are logged in, they can change the data they entered in the registration process at any time under the menu item "My data". Only the username cannot be changed.
The username and the password are necessary for logging in to Arcinsys. Instead of the password, a checksum value is created and saved in the database so that the password cannot be accessed or viewed even by the technical administrators of the application. The e-mail address collected with registration is used exclusively for enabling the user to reset a forgotten password. The e-mail address is not forwarded to the archives. If a user is to be assigned to an archives in Arcinsys with the status of an employee, she or he discloses her or his personal data (last name, first name, and username) to the archival administrator for the purpose of unique identification prior to authorisation.
Further details (e.g. address data) can be stored in addition to the mandatory fields when registering. The stored details are automatically adopted to later requests for access or access forms, thus serving for more user friendliness. Archives only receive these data from registration and user account when a request for access or an access form is submitted. The data adopted from registration can be changed (corrected) when filling out the request for access or the access form. Non-mandatory data (such as the e-mail address) can also be removed from the form. After a request for access or an access form has been submitted and the page closed, these data can no longer be changed. The data are made accessible to the contacted archives by submitting the request for access or the access form.
The data in access forms or requests and in approvals for access, as well as information about submitted and accessed archival items can be viewed by the user herself or himself and by authorised employees of the archives of access. It is permissible to process the data in the described manner as this is necessary for the lawful fulfilment of the archival duties.
Only the owner of a user account herself or himself can make entries into her or his memo list and access the memo list. Even when a request for access or an access form has been submitted, the archives cannot access these data. After transmitting the order, the user herself or himself can delete the data from the memo list; this has no effect on previous orders.
The following specifications pertain both to personal data relating to a data subject that are collected from the data subject (Article 13) and to personal data that have not been obtained from the data subject (Article 14).
The personal data provided by you are processed for the purpose of handling your registration, your request, and your access according to the applicable archival regulations and for statistical purposes. The legal basis for processing the data from your registration and from your request for access or a access form is Article 6, paragraph 1, point b GDPR (performance of a contract or steps prior to entering into a contract).
The controllers processing the personal data from registrations, user accounts, and memo lists can be found here.
The controllers processing the personal data from requests for access, orders of archival items, accesses to archival items, and the improvement function in Arcinsys can be found on the Arcinsys detail page of the particular archives where the request was submitted or where the archival items were ordered or accessed. The link to the particular detail page can be determined via the page "Participating archives"(www.arcinsys.de).
The responsible data protection officers can also be contacted via the addresses listed there.
The period for which the personal data will be stored is described below in the subsection "Deletion of data".
Data subjects have the right to request from the controller information on, access to, and, where applicable, rectification of the personal data concerning them. Under certain conditions, they have the right to erasure of personal data or restriction of processing of personal data concerning them, or to object to such processing, as well as the right to data portability.
Data subjects have the right to withdraw consent at any time to the processing of their data. The processing of data based on consent before its withdrawal remains lawful.
Data subjects have the right to lodge a complaint with the state officer for data protection.
Personal data collected from the data subject for registration, in the user account, or for requests for access or access forms, orders of archival items, and accesses to archival items, are required for being able to access archival items according to the applicable archival law. There is no legal obligation to provide such data. Failure to provide the data will usually make it impossible to gain access to archival material.
The recipient of the collected data is either the provider of the application or the particular archives. The subsection "User data" above explains in detail who has access to which data.
If the data are not obtained from the data subject, the archives will collect the data from its own findings in order to document approvals for access, granting of approvals and authorisations, as well as issuing of archival items.
It is necessary to store personal data of archival employees together with their assigned roles and authorisations in order to be able to reproduce the statutory duties in the system. The employees can only access those personal data that are in their range of authorisation. Storing personal data of employees is required for conducting internal organisational functions and it is therefore admissible. The data cannot be used for unlawful behaviour or performance monitoring. The name of an employee is only linked to an action when the employee makes entries in a request for access or an access form in order to grant, extend, or refuse an approval, or to issue conditions or add notes.
We analyse the use of Arcinsys. This gives us important information for improving the application. This includes knowledge about the frequency of access to certain contents or the browser type and device used to access Arcinsys. The saved data will be used only for statistical purposes. We will not use the data in any other way nor will we pass it on to third parties.
Personal data are of no added value for optimising Arcinsys. We therefore employ the web analytics application Matomo, which is recommended by data protectionists. The IP addresses are automatically anonymised so that the collected data can no longer be assigned to certain persons. It is thus prevented that usage data and usage profiles are connected with personal data.
Browsers commonly transmit data for any access to a website or any data retrieval. When you access Arcinsys, we will anonymously save the following information and data:
If you have activated the function in your browser for automatically deleting cookies, the deactivation cookie will also be deleted when you end the session. In this case you will have to object to the data collection again the next time when you access this website. If you use a different computer or web browser, you will also have to object to the collection of your personal data once again.
Insofar as not prescribed otherwise by regulations, user account data will be automatically deleted by the system 5 years after their last use. User data relating to a specific intent of access and to a specific archives will, however, not be automatically deleted. These data will be deleted from the system by the respective archives after expiration of the storage period as laid out by regulations.
Mosbacher Straße 55
The Federal State of Hessen is a public corporation represented by the Prime Minister of Hessen.
Dr. Peter Sandner, Hessisches Landesarchiv
Some of the contents on this Internet site are protected by copyright. Images, diagrams, texts, marks or other works and services may wholly or partly be subject to third-party rights.
The contents of this website have been examined with appropriate due care regarding contents, origin and truth. No warranty is given for the completeness, correctness, or topicality, nor for the continuous availability of the provided information. –As far as legally permissible –, no liability is assumed for damages arising from the use or non-use of information offered on this website or from calling or downloading data or from installing or using downloaded software.
Our website contains links to external websites of third parties, over whose content we have no influence. These links merely enable access to the use of third-party contents according to the German telemedia act § 8 Telemediengesetz.
The persons responsible checked the linked pages at the time the link was created for potential responsibility relating to civil or criminal law caused by it. As far as this is technologically possible and reasonable, we will remove relevant links immediately as soon as we become aware of violations of civil or criminal law.
The laws of the Federal Republic of Germany apply.
Arcinsys-Version: 26.8 (29.11.2022)